US8242892B2 - System, method and program product for communicating a privacy policy associated with a radio frequency identification tag and associated object - Google Patents

System, method and program product for communicating a privacy policy associated with a radio frequency identification tag and associated object Download PDF

Info

Publication number
US8242892B2
US8242892B2 US12370365 US37036509A US8242892B2 US 8242892 B2 US8242892 B2 US 8242892B2 US 12370365 US12370365 US 12370365 US 37036509 A US37036509 A US 37036509A US 8242892 B2 US8242892 B2 US 8242892B2
Authority
US
Grant status
Grant
Patent type
Prior art keywords
identifier
privacy policy
tag
rfid
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active, expires
Application number
US12370365
Other versions
US20100201489A1 (en )
Inventor
Phillip H. Griffin
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
International Business Machines Corp
Original Assignee
International Business Machines Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Grant date

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04QSELECTING
    • H04Q2213/00Indexing scheme relating to selecting arrangements in general and for multiplex systems
    • H04Q2213/13003Constructional details of switching devices
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04QSELECTING
    • H04Q2213/00Indexing scheme relating to selecting arrangements in general and for multiplex systems
    • H04Q2213/13095PIN / Access code, authentication

Abstract

A system, method and program product for communicating a privacy policy associated with a RFID tag. The method includes defining in an tag a first identifier for uniquely identifying the object and a second identifier for uniquely identifying a privacy policy that indicates a proper and intended use and level of protection to be afforded data/information transmitted by the identification tag coupled to the object, associating the second identifier with the first identifier, each of the first identifier and the second identifier being coupled to the identification tag, and responsive to detection of a communication signal received from a receptor, transmitting the first identifier and the second identifier, which includes an accept-reject provision for controlling dissemination and usage of the data/information transmitted by the identification tag, where based on a response received to the accept-reject provision, the data/information is either transmitted or not transmitted to the recipient.

Description

FIELD OF THE INVENTION

The present invention relates to computer systems and software, and more specifically to a technique for communicating a privacy policy associated with data and information stored on a Radio Frequency Identification (RFID) tag associated with a physical object.

BACKGROUND OF THE INVENTION

Data transmitted using a portable Radio Frequency Identification (RFID) tag may be used to uniquely identify an object, its location, or its characteristics, for instance, its color, shape, size, etc. An object containing an RFID tag can be used to identify or locate an individual associated with the object. Currently, there is no standardized means to indicate how information contained in an RFID tag should be protected during proper use. As such, there is a need for indicating a level of protection to be afforded the information contained in an RFID tag associated with a physical object in possession of an individual, to effectively specify the intended and proper use and handling of the information contained in the RFID tag without compromising the privacy of the individual.

SUMMARY OF THE INVENTION

The present invention resides in a system, method and program product for communicating a privacy policy associated with a Radio Frequency Identification (RFID) tag for a physical object, and any information content contained in the RFID tag, in accordance with an embodiment of the invention. The method for communicating a privacy policy associated with data and information stored in an identification tag includes defining in an identification tag one or more attributes referencing characteristics of a physical object, the one or more attributes includes a first identifier assigned to the physical object for uniquely identifying the physical object and a second identifier created for uniquely identifying a privacy policy that indicates to a recipient a proper and intended use of and a level of protection to be afforded data and information transmitted by the identification tag coupled to the physical object, associating the second identifier created with the first identifier assigned to the physical object, each of the first unique identifier and the second unique identifier being coupled to the identification tag, and responsive to detection of a communication signal received from a receptor, transmitting to the receptor the first identifier and the second identifier, the second identifier includes an accept-reject provision for the privacy policy for controlling dissemination and usage of the data and information transmitted by the identification tag, wherein based on a response received from a recipient to the accept-reject provision for the privacy policy, the data and information is either transmitted or not transmitted to the recipient. The method further includes signing the one or more attributes for cryptographically binding the one or more attributes to the identification tag. In an embodiment, the transmitting step further includes first ascertaining whether the recipient has accepted the accept-reject provision for the privacy policy referenced by the second identifier before transmitting to the recipient the data and information contained in the identification tag. In an embodiment, the transmitting step further includes responsive to a determination that the recipient has not accepted the accept-reject provision for the privacy policy referenced by the second identifier, not transmitting the data and information contained in the identification tag. In an embodiment, the defining step further includes assigning a first identifier to the physical object to be identified, and assigning a second identifier for the privacy policy for controlling dissemination and usage of the data and information. In an embodiment, the identification tag includes at least one of: an active tag and a passive tag. In an embodiment, the identification tag includes a chipless Radio Frequency Identification (RFID) tag, an active Radio Frequency Identification (RFID) tag, a bar code, a smart card, a chip card or an integrated circuit (ICC).

In another aspect, the invention provides a computer system for communicating a privacy policy associated with data and information stored on an identification tag, the computer system includes first program instructions to define in an identification tag one or more attributes referencing characteristics of a physical object, the one or more attributes includes a first identifier assigned to the physical object for uniquely identifying the physical object and a second identifier created for uniquely identifying a privacy policy that indicates to a recipient a level of protection to be afforded data and information transmitted by the identification tag coupled to the physical object, second program instructions to associate the second identifier created with the first identifier assigned to the physical object, each of the first unique identifier and the second unique identifier being coupled to the identification tag, third program instructions to transmit to a receptor, responsive to detection of a communication signal from the receptor, the first identifier and the second identifier, the second identifier includes an accept-reject provision for the privacy policy for controlling dissemination and usage of the data and information stored on the identification tag, wherein based on a response received from a recipient to the accept-reject provision for the privacy policy, the data and information is either transmitted or not transmitted to the recipient, a computer readable storage medium, the computer readable storage medium storing each of the first, second and third program instructions, and a central processing unit for executing each of the first, second and third program instructions. The computer system further includes fourth program instructions to sign the one or more attributes for cryptographically binding the one or more attributes to the identification tag, wherein the fourth program instructions are recorded on the computer readable storage medium. In an embodiment, the first program instructions include instructions to first ascertain whether the recipient has accepted the accept-reject provision for the privacy policy referenced by the second identifier before transmitting to the recipient the data and information contained in the identification tag. In an embodiment, the third program instructions include instructions to not transmit the data and information contained in the identification tag responsive to a determination that the recipient has not accepted the accept-reject provision for the privacy policy referenced by the second identifier. In an embodiment, the first program instructions further include instructions to assign a first identifier to the physical object to be identified and to assign a second identifier for the privacy policy for controlling dissemination and usage of the data and information. In an embodiment, the identification tag includes at least one of: an active tag and a passive tag. In an embodiment, the identification tag includes a chipless Radio Frequency Identification (RFID) tag, an active Radio Frequency Identification (RFID) tag, a bar code, a smart card, a chip card or an integrated circuit (ICC).

In yet another aspect, the invention provides a computer program product for communicating a privacy policy associated with data and information stored on an identification tag. The computer program product includes a computer readable storage medium, first program instructions to define in an identification tag one or more attributes referencing characteristics of a physical object, the one or more attributes includes a first identifier assigned to the physical object for uniquely identifying the physical object and a second identifier created for uniquely identifying a privacy policy that indicates to a recipient a level of protection to be afforded data and information transmitted by the identification tag coupled to the physical object, second program instructions to associate the second identifier created with the first identifier assigned to the physical object, each of the first unique identifier and the second unique identifier being coupled to the identification tag, and third program instructions to transmit to a receptor, responsive to detection of a communication signal from said receptor, the first identifier and the second identifier, the second identifier includes an accept-reject provision for the privacy policy for controlling dissemination and usage of the data and information stored on the identification tag, wherein based on a response received from a recipient to the accept-reject provision for the privacy policy, the data and information is either transmitted or not transmitted to the recipient, and wherein the first, second and third program instructions are recorded on the computer readable storage medium. The computer program product further includes fourth program instructions to sign the one or more attributes for cryptographically binding the one or more attributes to the identification tag, wherein the fourth program instructions are recorded on the computer readable storage medium. In an embodiment, the first program instructions further include instructions to assign a first identifier to the physical object to be identified and to assign a second identifier for the privacy policy for controlling dissemination and usage of the data and information, and wherein the first program instructions include instructions to first ascertain whether the recipient has accepted the accept-reject provision for the privacy policy referenced by the second identifier before transmitting to the recipient the data and information contained in the identification tag. In an embodiment, the third program instructions include instructions to not transmit the data and information contained in the identification tag responsive to a determination that the recipient has not accepted the accept-reject provision for the privacy policy referenced by the second identifier. In an embodiment, the identification tag includes at least one of: an active tag and a passive tag. In an embodiment, the identification tag includes a chipless Radio Frequency Identification (RFID) tag, an active Radio Frequency Identification (RFID) tag, a bar code, a smart card, a chip card or an integrated circuit (ICC).

Further, in yet another aspect, the invention provides a process for deploying computing infrastructure includes integrating computer-readable code into a computing system, wherein the code in combination with the computing system is capable of performing a process for communicating a privacy policy associated with data and information. The process includes defining in an identification tag one or more attributes referencing characteristics of a physical object, the one or more attributes includes a first identifier assigned to the physical object for uniquely identifying the physical object and a second identifier created for uniquely identifying a privacy policy that indicates to a recipient a level of protection to be afforded data and information transmitted by the identification tag coupled to the physical object, associating the second identifier created with the first identifier assigned to the physical object, each of the first unique identifier and the second unique identifier being coupled to the identification tag, responsive to detection of a communication signal from a receptor, transmitting to the receptor the first identifier and the second identifier, the second identifier includes an accept-reject provision for the privacy policy for controlling dissemination and usage of the data and information stored on the identification tag, wherein based on a response received from a recipient to the accept-reject provision for the privacy policy, the data and information is either transmitted or not transmitted to the recipient, and signing the one or more attributes for cryptographically binding the second identifier to said first identifier. In an embodiment, the transmitting step further includes first ascertaining whether the recipient has accepted the accept-reject provision for the privacy policy referenced by the second identifier before transmitting to the recipient the data and information contained in the identification tag. In an embodiment, the transmitting step further includes responsive to a determination that the recipient has not accepted the accept-reject provision for the privacy policy referenced by the second identifier, not transmitting the data and information contained in the identification tag. In an embodiment, the identification tag includes at least one of: an active tag and a passive tag. In an embodiment, the identification tag includes a chipless Radio Frequency Identification (RFID) tag, an active Radio Frequency Identification (RFID) tag, a bar code, a smart card, a chip card or an integrated circuit (ICC).

BRIEF DESCRIPTION OF THE DRAWINGS

The accompanying drawings, which are incorporated in and form a part of this specification, illustrate embodiments of the invention and, together with the description, serve to explain the principles of the invention:

FIG. 1 depicts an embodiment of a computer infrastructure for communicating a privacy policy associated with a Radio Frequency Identification (RFID) tag for a physical object for specifying the intended and proper handling and use of the information contained in the RFID tag, in accordance with an embodiment of the present invention.

FIG. 2 is a block diagram depicting an illustration of a Radio Frequency Identification (RFID) tag containing a privacy policy attribute identifying a privacy policy associated with the RFID tag for specifying the intended and proper handling and use of the information contained in the RFID tag, in accordance with an embodiment of the present invention.

FIG. 3 is a block diagram depicting one embodiment of an illustration of a transfer of information contained in a Radio Frequency Identification (RFID) tag embedded in or attached to a physical object to an RFID receptor, in accordance with an embodiment of the present invention.

FIG. 4 is a block diagram depicting one embodiment of an illustration of a transfer of information contained in a Radio Frequency Identification (RFID) tag embedded in or attached to a physical object to an RFID receptor, in accordance with an embodiment of the present invention.

FIG. 5 depicts a flowchart outlining the steps for providing a Radio Frequency Identification (RFID) tag for a physical object that also contains a privacy policy that is associated with the RFID tag for specifying the intended and proper use of the information contained in the RFID tag, in accordance with an embodiment of the present invention.

FIG. 6 depicts a flowchart outlining the steps performed by a RFID system for communicating information contained in a Radio Frequency Identification (RFID) tag for a physical object having a privacy policy associated with the RFID tag for specifying the intended and proper handling and use of the information contained in the RFID tag, in accordance with an embodiment of the present invention.

DETAILED DESCRIPTION OF THE INVENTION

Reference throughout this specification to “one embodiment,” “an embodiment,” or similar language means that a particular feature, structure, or characteristic described in connection with the embodiment is included in at least one embodiment of the present invention. Thus, appearances of the phrases “in one embodiment,” “in an embodiment,” and similar language throughout this specification may, but do not necessarily, all refer to the same embodiment.

Moreover, the described features, structures, or characteristics of the invention may be combined in any suitable manner in one or more embodiments. It will be apparent to those skilled in the art that various modifications and variations can be made to the present invention without departing from the spirit and scope of the invention. Thus, it is intended that the present invention cover the modifications and variations of this invention provided they come within the scope of the appended claims and their equivalents. Reference will now be made in detail to the preferred embodiments of the invention.

In one embodiment, the invention provides a computer infrastructure 100 for communicating a privacy policy associated with an identification tag or device, such as, a Radio Frequency Identification (RFID) tag (also referred to herein as “RFID tag” or “RFID” or simply as “tag”) attached or embedded in a physical object, such that, the privacy policy specifies the intended and proper use and handling of the information contained in the RFID tag for the object, in accordance with an embodiment of the invention. In an embodiment, the RFID tag or device 152 attached to or embedded in a physical object 150 is an active RFID tag that comprises a microchip combined with an antenna in a compact unit that is equipped with a battery that provides a source of power for the RFID tag's circuitry and antenna. In another embodiment, the RFID tag 152 attached to or embedded in a physical object 150 is a chipless RFID tag (also known as RF fibers) that does not include any integrated circuit technology and instead comprises fibers that reflect a portion of the receptor or reader's radio-frequency signal back. Although the invention is described in terms of a Radio Frequency Identification (RFID) tag, it will be understood that an identification tag may include a bar code, a smart card, a chip card or an integrated circuit (ICC) having integrated circuits that can process data. Reference is now made to FIG. 1, reference numeral 100, which schematically illustrates an embodiment of a computer infrastructure that has deployed thereon a Radio Frequency Identification (RFID) application 114 for communicating a privacy policy associated with a Radio Frequency Identification (RFID) tag embedded in or attached to a physical object for indicating the level of protection required for the information contained in the RFID tag and its proper and intended use. As shown in FIG. 1, the infrastructure 100 includes a computer system 102 that is connected to a network 130. In an embodiment, as depicted in FIG. 1, computer system or server 102 is intended to represent any type of computer system that is maintained in a secure environment, that is, for which access control is enforced (as represented by the dotted lines indicated by reference numeral 101). In an embodiment, the computer system 102 is an information processing server that includes a RFID application 114 for programming RFID tags embedded in or attached to objects. Further, the computer system or server 102 is configured to work with RFID receptors that interrogate or query RFID tags associated with the system 100. In an embodiment, the computer system 102 includes an attribute tool or program 116 for creating one or more attributes that are to be associated with the RFID tag, as discussed herein below. Further, in an embodiment, the computer system 102 includes an authentication tool 118 for signing attributes, as discussed further herein below. As shown in FIG. 1, the RFID system 100 includes a receptor or reader or scanner 140 for receiving a tag identifier and other information from an identification tag 152 embedded in or affixed to a physical object 150. In an embodiment, the receptor 140 comprises a RFID receptor that has an antenna 142 that receives radio waves for reading or radiates radio waves for interrogating a RFID tag 152. In an embodiment, the RFID tag 152 also comprises an antenna (not shown in any of the drawings). The RFID tag's antenna picks up the signals radiated from the RFID receptor or scanner or reader device 140 and the RFID tag 152 responds to the signal by sending data and/or information 159 stored within the RFID tag 152. Further, the receptor 140 transmits, via network 130, the data and/or information 159 read from the RFID tag 152 to the computer system 102 for storage. In an embodiment, the data and/or information received is stored within a database 120 associated with computer system or server 102, as shown by reference numeral 128 in database 120. In an embodiment, the RFID tag 152 embedded in or attached to the object 150 further includes a unique tag identifier or object identifier 154 that is radiated or broadcasted by the RFID tag when the tag is scanned, and where the unique tag identifier 154 uniquely identifies the object 150 associated with the identification tag or RFID tag 152. The RFID receptor 140 reads data and/or information related to the unique tag identifier within the identification tag 152. Further, the RFID tag 152 for the physical object 150 includes a privacy policy attribute 156 that contains a privacy policy identifier 158 that uniquely identifies a privacy policy that is to be associated with the identification tag 152 for indicating a level of protection required for the data and/or information contained in the RFID tag 152 and its proper and intended use by a recipient, as explained further herein below with respect to FIGS. 2-4. Referring to FIG. 1, the computer system or server 102 is shown to include a CPU (Central CPU) 106, a memory 112, a bus 110, and input/output (I/O) interfaces 108. Further, the server 102 is shown in communication with external I/O devices/resources 126 and database 120. In general, CPU 106 executes computer program code stored in memory 112, such as the RFID application 114, the attribute tool 116 for creating or defining one or more attributes to be included in the RFID tag 152, and an authentication tool 118 for signing attributes that are created for an identification tag 152. In an embodiment, the one or more identifier(s) 122 and privacy policies 124 that are associated with a RFID tag 152 are stored in database 120. Further, in an embodiment, any data and/or information 128 transmitted by the RFID tag 152 are stored in database 120. In general, CPU 106 executes computer program code stored in memory 112, such as the RFID application 114 and/or the attribute tool 116 for creating identification tags 152 that have associated with it a privacy policy attribute 156 that contains a privacy policy identifier 154. While executing the RFID application or program 114 on the computer system or server 102, the CPU 106 can read and/or write data, to/from memory 112, database 120, and/or I/O interfaces 108, such as, the data and/or information 128 stored in database 120. Alternatively, the RFID application 114 may store the data and/or information in memory 112. Bus 110 provides a communication link between each of the components in computer system 102, such that information can be communicated within the infrastructure 100. External devices 126 can comprise any devices (e.g., keyboard, pointing device, display, etc.) that enable a user to interact with computer system 102 and/or any devices (e.g., network card, modem, etc.) that enable the system 102 to communicate with one or more other computing devices, such as, the receptor 140 and/or the identification tag 152. The attribute tool 116 and/or the authentication tool 118 can be loaded into memory 112 of the computer system 102 from a computer-readable storage medium or media (reference numeral 125), such as, a magnetic tape or disk, optical media, DVD, memory stick, semiconductor memory, etc. or downloaded from the server via a network adapter card (reference numerals 104) installed on the computer system or server 102. Similarly, the privacy policy attributes created by the computer system 102 for a RFID or identification tag 152 can be loaded onto the tag 152 using a storage medium or media (reference numeral 160). It should be understood, however, that although not shown, other hardware and software components (e.g., additional computer systems, routers, firewalls, etc.) could be included in infrastructure 100.

Reference is now made to FIG. 2, reference numeral 200, which depicts an illustration of a Radio Frequency Identification (RFID) tag embedded in or attached to a physical object that further has associated with it a privacy policy attribute for identifying a privacy policy associated with the RFID tag, where the privacy policy specifies the intended and proper use and handling of the data and/or information contained in the RFID tag, in accordance with an embodiment of the present invention. In an embodiment, the RFID tag 202 comprises a unique RFID identifier (also referred to herein as “tag identifier” or “object identifier” 204 that comprises a value that is radiated as waves by the RFID device when the device is scanned. In an embodiment, the RFID identifier 204 uniquely identifies an associated object that the Radio Frequency Identification (RFID) tag is embedded in or attached to. Further, in an embodiment, the RFID tag 202 has associated with it a privacy policy attribute 212, which comprises a generic information object that contains two unique information object identifier (OID) values. The first identifier identifies the attribute as a privacy policy attribute, as opposed to some other type of attribute and the second identifier identifies the type of content carried in the information object, namely, a RFID privacy policy. In an embodiment, the privacy_Attribute-ID 214 is a globally unique identifier that identifies the type of attribute as a privacy policy attribute and the RFID_Privacy-Policy-ID 216 is a globally unique identifier that identifies the privacy policy attribute content, in particular, that the content is a RFID privacy policy. In an embodiment, the RFID_Privacy-Policy-ID 216 identifies an information object that can comprise a document, a web page, or perhaps a law. The privacy policy identifier 216 can be created in the form of an information object identifier (OID) as defined in ISO/IEC 8824-1 and ISO/IEC 9834-8, a universally unique identifier (UUID) as defined in ISO/IEC 9834-8, a uniform resource identifier (URI) as defined in RFC 2396, a cryptographic hash of an RFID privacy policy, a digital signature over the privacy policy, or some other means of uniquely naming the privacy policy. When OIDs, UUIDs, or URIs are used, these indicators can be included in the RFID privacy policy attribute information. Further, as shown in FIG. 2, the unique RFID identifier 204 for the tag 202 is cryptographically bound to the privacy policy attribute 212 using a digital signature or a cryptographic binding 222. In particular, a hash or hash value (reference numeral 224) is first computed over the unique RFID identifier (reference numeral 204) and a hash value (reference numeral 226) is computed over the privacy policy attribute (reference numeral 212). Then, any of a number of algorithms can be used to sign the respective hash values 224 and 226. For instance, if a RSA algorithm is used to sign the hash, a private key is used to encrypt the hash to form the digital signature, which is then decrypted by a relying party using their associated public key. However, the unique RFID identifier 204 can be cryptographically bound to the privacy policy attribute 212 using other methods, such as a Message Authentication Code (MAC) or encryption. Accordingly, the RFID privacy policy associated with the RFID tag (and by proxy the associated object) indicates the level of protection required for the RFID data and/or information transmitted and its proper and intended use. In an embodiment, the privacy policy attribute 212 may be placed in the RFID tag 202 itself (shown as reference numeral 206), such that, the privacy policy attribute is transmitted with the RFID identifier or tag identifier information itself. Further, in an embodiment, the privacy policy attribute may be signed and the signature (reference numeral 208) is included in the RFID tag 202. Furthermore, in an embodiment, the RFID tag 202 containing a privacy policy attribute need not be signed with a signature (reference numeral 222) when used in a context in which a trust relationship has been established. However, when trust by a third party is needed, the privacy policy attribute 212 is signed with a signature 222 (using an authentication tool 118 as shown in FIG. 1) and the signature 222 is included in the RFID tag as a component of the signed privacy policy attribute, which notifies a relying party that there is a privacy policy associated with the RFID tag. When the signature is validated and trust in the signed information is established, the relying party is assured that the privacy policy is for the given RFID tag, since the signature 222 covers the hash of the unique RFID identifier (reference numeral 224) and the hash of the privacy policy attribute (reference numeral 226) and the relying party can compare this signed hash to ensure that the hash is identical to a hash the relying party computes over the unique RFID identifier value embedded in or attached to the objected containing the privacy policy attribute.

Reference is now made to FIGS. 3 and 4, which depict various embodiments of a RFID system, illustrating a transfer of information contained in a Radio Frequency Identification (RFID) tag embedded in or attached to a physical object to an RFID receptor, in accordance with an embodiment of the present invention. Turning to FIG. 3, reference numeral 300 depicts the transfer of information from an identification tag or RFID tag 304 embedded in or attached to a physical object 302 to a RFID receptor 320. In an embodiment, the RFID tag 304 embedded in or attached to the object 302 further includes a unique tag identifier or object identifier 306 that uniquely identifies the object 302 associated with the RFID tag. The RFID receptor 320 reads data and/or information 310 related to the unique tag identifier within the identification tag 304. Further, the RFID tag 304 for the physical object 302 includes a privacy policy attribute 307 that includes a privacy policy identifier 308 for uniquely identifying a privacy policy associated with the identification tag 304 for indicating a level of protection required for the data and/or information 310 contained in the RFID tag 304 and its proper and intended use by a recipient. The RFID tag 304 transmits the privacy policy indicator to an RFID receptor 320. Based on the identified privacy policy requirements, the RFID receptor 320 acts on the information transferred by the RFID tag 304. The RFID receptor 320 may discard the information 310 after use or refuse to further process the information, or when the privacy policy allows, encrypt the information 310 for secure storage or transfer of the information 310 to a computer system (as shown in FIG. 1).

Turning to FIG. 4, reference numeral 400 depicts a RFID system for the transfer of information 410 from an identification tag or RFID tag 404 embedded in or attached to a physical object 402 to a RFID receptor 420, where a protocol is used to transmit an accept-reject provision for the privacy policy and where the information 410 is only transmitted from the RFID tag to the recipient, if the privacy policy provision is accepted. In an embodiment, the RFID tag 404 embedded in or attached to the object 402 further includes a unique tag identifier or object identifier 406 that uniquely identifies the object 402 associated with the RFID tag. The RFID receptor 420 reads data and/or information 410 related to the unique tag identifier within the identification tag 404. Further, the RFID tag 404 for the object 402 includes a privacy policy attribute 407 that includes a privacy policy identifier 408 that uniquely identifies a privacy policy associated with the identification tag 404 for indicating a level of protection required for the data and/or information 410 contained in the RFID tag 404 and its proper and intended use by a recipient. The RFID tag 404 transmits the privacy policy indicator to an RFID receptor 420. Based on the requirements of the identified privacy policy, the RFID receptor 420 may accept or reject the privacy policy, as explained further herein below. Only if the privacy policy provision is accepted will the information 410 be transferred by the RFID tag 404. In an embodiment, the RFID tag 404 within system 400 may require a digital signature on an acknowledgement to indicate acceptance of the privacy policy provision and the RFID system may archive this agreement or transfer this information to an event log for auditing purposes. For instance, the RFID tag 404 may send encrypted content with an indicator of the previously agreed key needed to decrypt the content or the RFID or identification tag 404 may establish an encryption key by other means, such as, by using a key agreement scheme, or using a key transport mechanism. As such, a RFID or identification tag 404 with only read and write capabilities contains information 410 that may be revealed only to recipients who identify themselves and agree to adhere to the privacy policy for the information 410 on the RFID tag 404. In an embodiment, the data and information 410 may be protected by encryption, and may be digitally signed. An entity reads a tag identifier 406, a privacy policy attribute containing the privacy policy identifier 408, and some encrypted data 410. In an embodiment, the privacy policy attribute contains a privacy policy identifier, and a Uniform Resource Identifier (URI) in the form of a Uniform Resource Locator (URL). To recover the plaintext from the encrypted data 410, the entity communicates with a server using the URL and a query string containing the tag identifier and the privacy policy identifier. The general syntax of the query string is:
?tag1=policy1&tag2=policy2&tag3=policy3
The information in this attribute uses the value of the tag component of an RFID tag, which uniquely identifies both an RFID tag and the key needed to decrypt the encrypted RFID content, and a privacy policy identifier value registered by a cryptographic service provider that uniquely identifies the privacy policy for the encrypted content on the RFID tag. These identification values serve as the two parameters “<tag>” and “<policy>” of a URI query string. In an embodiment, a fully formed URL and query string can suffice as the privacy policy attribute stored on the RFID tag. With the tag identifier and privacy policy identifier parameters, and the interface provided by the GET method of HTTP, a URI query string can be constructed that returns the key needed to decrypt the content on a particular RFID. In an embodiment, the complete query string is formed by concatenating a query URI and the tag identifier and privacy policy identifier values. The server receiving the query string uses the tag identifier to determine which key is needed to decrypt the encrypted content stored on a given RFID tag. Further, the server uses the privacy policy identifier to determine the protocol it needs to follow in releasing the decryption key to the entity, so that the requirements of the privacy policy can be met. The server authenticates itself to the entity and asks the entity to authenticate itself to the server, and for the entity to accept the privacy policy for the encrypted data on the RFID. This mutual authentication is performed using public-private key pairs associated with digital certificates, which allows the server to keep information on when and to whom it has provided a particular key that can recover the plaintext from the encrypted content on the RFID, and to receive from the entity a public key which it can use to encrypt a symmetric key that only the entity in possession of the associated private key can recover. If entity authentication to the server fails, or the entity fails to agree to accept the privacy policy, the key is not provided by the server and the entity cannot recover the encrypted content on the RFID. If the entity authenticates to the server and accepts the privacy policy, the server encrypts the RFID content decryption key using the public key of the entity, so that only the private key of the entity can recover the decryption key. The server sends the protected decryption key to the entity. The entity decrypts the received content using the private key component of its public-private key pair and recovers the RFID content decryption key. The entity then decrypts the encrypted RFID content to recover the plaintext protected on the RFID tag.

In another embodiment, the invention provides a method for communicating a privacy policy associated with an identification tag or device embedded in or associated with a physical object for specifying the intended and proper use and handling of the data and/or information contained in the RFID tag. Reference is now made to FIG. 5, reference numeral 500, which depicts a flowchart outlining the method steps for providing a Radio Frequency Identification (RFID) tag for a physical object that includes a privacy policy information for specifying the intended and proper use and handling of the data and/or information contained in the RFID tag, in accordance with an embodiment of the present invention. The method begins with providing, in step 502, an identification tag or RFID tag that has a unique identifier for uniquely identifying a physical object. In step 504, data and information for the object are stored on the RFID tag. Further, in step 506, a privacy policy is provided or selected for the data and information stored on the identification tag. A globally unique privacy policy identifier is assigned to the privacy policy in step 508. In step 510, the unique privacy policy identifier is associated with the RFID tag embedded in or attached to a physical object. In an embodiment, a unique privacy policy identifier can be used to indicate a particular RFID privacy policy and to serve as a name for the privacy policy. As mentioned herein above, the privacy policy identifier could be created in the form of an information object identifier (OID) as defined in ISO/IEC 8824-1 and ISO/IEC 9834-8, a universally unique identifier (UUID) as defined in ISO/IEC 9834-8, a uniform resource identifier (URI) as defined in RFC 2396, a cryptographic hash of an RFID privacy policy, a digital signature over the privacy policy, or some other means of uniquely naming the privacy policy. When OIDs, UUIDs, or URIs are used for creating privacy policy identifiers, these indicators could be included in the RFID privacy policy information. The RFID privacy policy associated with the RFID tag (and associated object) indicates the level of protection required for the RFID data and/or information transmitted and its proper and intended use. As such, the RFID privacy policy indicator within the identification or RFID tag allows RFID users to determine the appropriate level of protection needed when using the RFID information and to avoid improper use and handling of the information. Further, the RFID privacy policy identifier along with the RFID tag can be used to manage the risk of unauthorized storage, retention and/or aggregation of the RFID information, and may be used to safeguard against inappropriate use.

Reference is now made to FIG. 6, reference numeral 600, which depicts a flowchart outlining the steps performed by a RFID system for communicating information contained in a Radio Frequency Identification (RFID) tag embedded in or attached to a physical object, where the RFID tag further communicates a privacy policy associated with the RFID tag for specifying the intended and proper use and handling of the data and/or information contained in the RFID tag, in accordance with an embodiment of the present invention. In step 602, a communication signal is detected with a RFID receptor. The RFID tag transmits the unique object identifier or tag identifier in step 604. Further, in step 606, the RFID tag transmits the unique privacy policy identifier along with an accept-reject provision for the privacy policy. A determination is made by the RFID tag in step 608 as to whether or not the privacy policy provision has been accepted. If the accept-reject provision is accepted, then the RFID tag transmits in step 610 the data and information stored for the object on the RFID tag to the receptor, ending the process. However, if a determination is made in step 608 that the accept-reject provision is not accepted, then the RFID tag does not transmit the data and information stored for the object on the RFID tag to the receptor, ending the process.

Accordingly, the invention provides a system, method and a program product for communicating a privacy policy associated with data and information stored on a Radio Frequency Identification (RFID) tag for a physical object, in accordance with an embodiment of the invention. The invention facilitates effective RFID information security management, since it helps organizations that are exposed to risk of non-compliance with privacy laws and regulations manage the privacy of the information contained in objects containing RFIDs. As such, the invention may be used in an identity management, identification, authentication, or authorization system that incorporates the use of RFIDs. For instance, retail stores selling equipment could use RFID tags containing privacy policy attribute for identifying a privacy policy required for the information transmitted by the RFID tags.

The foregoing descriptions of specific embodiments of the present invention have been presented for the purpose of illustration and description. They are not intended to be exhaustive or to limit the invention to the precise forms disclosed, and obviously many modifications and variations are possible in light of the above teaching. The embodiments were chosen and described in order to best explain the principles of the invention and its practical application, to thereby enable others skilled in the art to best utilize the invention and various embodiments with various modifications as are suited to the particular use contemplated. It is intended that the scope of the invention be defined by the claims appended hereto and their equivalents.

Claims (18)

1. A method for communicating a privacy policy associated with data and information stored on an identification tag, said method comprising:
at least one processor of a computer system including in an identification tag one or more attributes referencing characteristics of a physical object, said one or more attributes including a first identifier assigned to said physical object for uniquely identifying said physical object and a second identifier created for uniquely identifying a privacy policy that indicates to a recipient a proper and intended use of and a level of protection to be afforded data and information transmitted by said identification tag included in said physical object;
said at least one processor associating said second identifier with said first identifier assigned to said physical object, each of said first unique identifier and said second unique identifier being included in said identification tag; and
said at least one processor transmitting to a recipient, responsive to detection of a communication signal received from a receptor, said first identifier and said second identifier, said second identifier including an accept-reject provision for said privacy policy for controlling dissemination and usage of said data and information transmitted by said identification tag, wherein based on a response received from said recipient to said accept-reject provision for said privacy policy, said data and information is either transmitted or not transmitted to said recipient.
2. The method of claim 1, wherein said method further comprises:
said at least one processor signing said one or more attributes.
3. The method of claim 2, wherein said method further comprises:
said at least one processor ascertaining whether said recipient has accepted said accept-reject provision for said privacy policy referenced by said second identifier.
4. The method of claim 3, wherein said transmitting further comprises:
responsive to a determination that said recipient has not accepted said accept-reject provision for said privacy policy referenced by said second identifier, not transmitting said data and information contained in said identification tag.
5. The method of claim 4, wherein said including further comprises:
assigning the first identifier to said physical object to be identified; and
assigning the second identifier for said privacy policy for controlling dissemination and usage of said data and information.
6. The method of claim 5, wherein said identification tag comprises a chipless Radio Frequency Identification (RFID) tag, an active Radio Frequency Identification (RFID) tag, a passive Radio Frequency Identification (RFID) tag, a bar code, a smart card, a chip card or an integrated circuit (ICC).
7. A computer program product, comprising at least one computer-readable physically tangible storage device having computer-readable program code stored therein, said program code containing instructions configured to be executed by at least one processor of a computer system to implement a method for communicating a privacy policy associated with data and information stored on an identification tag, said method comprising:
said at least one processor of a computer system including in an identification tag one or more attributes referencing characteristics of a physical object, said one or more attributes including a first identifier assigned to said physical object for uniquely identifying said physical object and a second identifier created for uniquely identifying a privacy policy that indicates to a recipient a proper and intended use of and a level of protection to be afforded data and information transmitted by said identification tag included in said physical object;
said at least one processor associating said second identifier with said first identifier assigned to said physical object, each of said first unique identifier and said second unique identifier being included in said identification tag; and
said at least one processor transmitting to a recipient, responsive to detection of a communication signal received from a receptor, said first identifier and said second identifier, said second identifier including an accept-reject provision for said privacy policy for controlling dissemination and usage of said data and information transmitted by said identification tag, wherein based on a response received from said recipient to said accept-reject provision for said privacy policy, said data and information is either transmitted or not transmitted to said recipient.
8. The computer program product of claim 7, wherein said computer program product further comprises said at least one processor signing said one or more attributes.
9. The computer program product of claim 8, wherein said computer program product further comprises said at least one processor ascertaining whether said recipient has accepted said accept-reject provision for said privacy policy referenced by said second identifier.
10. The computer program product of claim 9, wherein said transmitting further comprises:
responsive to a determination that said recipient has not accepted said accept-reject provision for said privacy policy referenced by said second identifier, not transmitting said data and information contained in said identification tag.
11. The computer program product of claim 10, wherein said including further comprises:
assigning the first identifier to said physical object to be identified; and
assigning the second identifier for said privacy policy for controlling dissemination and usage of said data and information.
12. The computer program product of claim 11, wherein said identification tag wherein said identification tag comprises a chipless Radio Frequency Identification (RFID) tag, an active Radio Frequency Identification (RFID) tag, a passive Radio Frequency Identification (RFID) tag, a bar code, a smart card, a chip card or an integrated circuit (ICC).
13. A computer system comprising at least one processor, at least one memory coupled to said at least one processor, and at least one computer-readable storage device coupled to said at least one processor, said at least one computer-readable storage device containing program code configured to be executed by said at least one processor via said memory to implement a method for communicating a privacy policy associated with data and information stored on an identification tag, said method comprising:
said at least one processor including in an identification tag one or more attributes referencing characteristics of a physical object, said one or more attributes including a first identifier assigned to said physical object for uniquely identifying said physical object and a second identifier created for uniquely identifying a privacy policy that indicates to a recipient a proper and intended use of and a level of protection to be afforded data and information transmitted by said identification tag included in said physical object;
said at least one processor associating said second identifier with said first identifier assigned to said physical object, each of said first unique identifier and said second unique identifier being included in said identification tag; and
said at least one processor transmitting to a recipient, responsive to detection of a communication signal received from a receptor, said first identifier and said second identifier, said second identifier including an accept-reject provision for said privacy policy for controlling dissemination and usage of said data and information transmitted by said identification tag, wherein based on a response received from said recipient to said accept-reject provision for said privacy policy, said data and information is either transmitted or not transmitted to said recipient.
14. The computer system of claim 13, wherein said computer system further comprises said at least one processor signing said one or more attributes.
15. The computer system of claim 14, wherein said computer system further comprises said at least one processor ascertaining whether said recipient has accepted said accept-reject provision for said privacy policy referenced by said second identifier.
16. The computer system of claim 15, wherein said transmitting further comprises responsive to a determination that said recipient has not accepted said accept-reject provision for said privacy policy referenced by said second identifier, not transmitting said data and information contained in said identification tag.
17. The computer system of claim 16, wherein said including further comprises:
assigning the first identifier to said physical object to be identified; and
assigning the second identifier for said privacy policy for controlling dissemination and usage of said data and information.
18. The computer system of claim 17, wherein said identification tag comprises a chipless Radio Frequency Identification (RFID) tag, an active Radio Frequency Identification (RFID) tag, a passive Radio Frequency Identification (RFID) tag, a bar code, a smart card, a chip card or an integrated circuit (ICC).
US12370365 2009-02-12 2009-02-12 System, method and program product for communicating a privacy policy associated with a radio frequency identification tag and associated object Active 2031-01-21 US8242892B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US12370365 US8242892B2 (en) 2009-02-12 2009-02-12 System, method and program product for communicating a privacy policy associated with a radio frequency identification tag and associated object

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US12370365 US8242892B2 (en) 2009-02-12 2009-02-12 System, method and program product for communicating a privacy policy associated with a radio frequency identification tag and associated object

Publications (2)

Publication Number Publication Date
US20100201489A1 true US20100201489A1 (en) 2010-08-12
US8242892B2 true US8242892B2 (en) 2012-08-14

Family

ID=42539957

Family Applications (1)

Application Number Title Priority Date Filing Date
US12370365 Active 2031-01-21 US8242892B2 (en) 2009-02-12 2009-02-12 System, method and program product for communicating a privacy policy associated with a radio frequency identification tag and associated object

Country Status (1)

Country Link
US (1) US8242892B2 (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100201498A1 (en) * 2009-02-12 2010-08-12 International Business Machines Corporation System, method and program product for associating a biometric reference template with a radio frequency identification tag
US20100205431A1 (en) * 2009-02-12 2010-08-12 International Business Machines Corporation System, method and program product for checking revocation status of a biometric reference template
US20100205660A1 (en) * 2009-02-12 2010-08-12 International Business Machines Corporation System, method and program product for recording creation of a cancelable biometric reference template in a biometric event journal record
US20100205452A1 (en) * 2009-02-12 2010-08-12 International Business Machines Corporation System, method and program product for communicating a privacy policy associated with a biometric reference template
US20100205658A1 (en) * 2009-02-12 2010-08-12 International Business Machines Corporation System, method and program product for generating a cancelable biometric reference template on demand
US20110320805A1 (en) * 2010-06-28 2011-12-29 Sap Ag Secure sharing of data along supply chains
US20130173713A1 (en) * 2012-01-02 2013-07-04 Eric David Rich Anderson Securing communications among friends with user-wearable mementos

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101208081B1 (en) 2009-05-08 2012-12-05 한국전자통신연구원 Privacy protection in RFID-based service methods
US8710952B2 (en) * 2009-09-08 2014-04-29 The Regents Of The University Of California RFID reader revocation checking using low power attached displays
US8488782B2 (en) * 2009-10-20 2013-07-16 Oracle America, Inc. Parameterizable cryptography
CA2720194A1 (en) * 2010-11-05 2012-05-05 Prairie Tech Enterprises Ltd. Radio-frequency identification safety device
WO2012174042A3 (en) * 2011-06-14 2013-03-21 Ark Ideaz, Inc. Authentication systems and methods
US20140173071A1 (en) * 2012-12-13 2014-06-19 Microsoft Corporation Application based hardware identifiers
US9858247B2 (en) 2013-05-20 2018-01-02 Microsoft Technology Licensing, Llc Runtime resolution of content references
US9384357B2 (en) * 2014-10-01 2016-07-05 Quixey, Inc. Providing application privacy information
RU2598337C2 (en) * 2014-12-19 2016-09-20 Закрытое акционерное общество "Лаборатория Касперского" System and method of selecting means of interception of data transmitted over network

Citations (67)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5467081A (en) * 1992-02-22 1995-11-14 U.S. Philips Corporation Datacarriers with separate storage of read and write-inhibited memory locations
US5649099A (en) 1993-06-04 1997-07-15 Xerox Corporation Method for delegating access rights through executable access control program without delegating access rights not in a specification to any intermediary nor comprising server security
US6044224A (en) 1996-06-26 2000-03-28 Sun Microsystems, Inc. Mechanism for dynamically associating a service dependent representation with objects at run time
WO2000065770A1 (en) 1999-04-22 2000-11-02 Veridicom, Inc. High security biometric authentication using a public key/private key encryption pairs
US6256737B1 (en) 1999-03-09 2001-07-03 Bionetrix Systems Corporation System, method and computer program product for allowing access to enterprise resources using biometric devices
US20020026582A1 (en) 2000-08-31 2002-02-28 Sony Corporation Person authentication system, person authentication method and program providing medium
US20020100803A1 (en) * 1997-06-24 2002-08-01 Sehr Richard P. Passport system and methods utilizing multi-application passport cards
US20020174010A1 (en) * 1999-09-08 2002-11-21 Rice James L. System and method of permissive data flow and application transfer
US6554188B1 (en) * 1999-04-13 2003-04-29 Electronic Data Holdings Limited Terminal for an active labelling system
US20030088782A1 (en) 2001-11-08 2003-05-08 Ncr Corporation Biometrics template
US20030097383A1 (en) 2001-04-05 2003-05-22 Alexis Smirnov Enterprise privacy system
US20030115490A1 (en) 2001-07-12 2003-06-19 Russo Anthony P. Secure network and networked devices using biometrics
US20030129965A1 (en) 2001-10-31 2003-07-10 Siegel William G. Configuration management system and method used to configure a biometric authentication-enabled device
US20030189094A1 (en) 2002-04-09 2003-10-09 Trabitz Eugene L. Baggage tracking system
US20040020984A1 (en) 2002-08-01 2004-02-05 Ncr Corporation Self-service terminal
US20040123114A1 (en) 2002-01-02 2004-06-24 Mcgowan Tim Method and system for the generation, management, and use of a unique personal identification token for in person and electronic identification and authentication
US20040193893A1 (en) 2001-05-18 2004-09-30 Michael Braithwaite Application-specific biometric templates
US6836554B1 (en) 2000-06-16 2004-12-28 International Business Machines Corporation System and method for distorting a biometric for transactions with enhanced security and privacy
US20050005136A1 (en) 2003-04-23 2005-01-06 Liqun Chen Security method and apparatus using biometric data
US20050038718A1 (en) 2001-07-10 2005-02-17 American Express Travel Related Services Company, Inc. Method and system for facilitating a shopping experience
US20050055582A1 (en) 2003-09-05 2005-03-10 Bazakos Michael E. System and method for dynamic stand-off biometric verification
US20050088320A1 (en) 2003-10-08 2005-04-28 Aram Kovach System for registering and tracking vehicles
US20050180619A1 (en) 2002-01-17 2005-08-18 Cross Match Technologies, Inc. Biometric imaging system and method
US20050229007A1 (en) 2004-04-06 2005-10-13 Bolle Rudolf M System and method for remote self-enrollment in biometric databases
US20050240778A1 (en) 2004-04-26 2005-10-27 E-Smart Technologies, Inc., A Nevada Corporation Smart card for passport, electronic passport, and method, system, and apparatus for authenticating person holding smart card or electronic passport
WO2005122467A1 (en) 2004-06-09 2005-12-22 Koninklijke Philips Electronics N.V. Biometric template protection and feature handling
US20050283614A1 (en) * 2004-06-16 2005-12-22 Hardt Dick C Distributed hierarchical identity management system authentication mechanisms
US20060078171A1 (en) 2004-08-20 2006-04-13 The Research Foundation Of State University Of New York Stor Intellectual Property Division Biometric convolution using multiple biometrics
US7030760B1 (en) 2001-08-07 2006-04-18 Seecontrol, Inc. Method and apparatus for ensuring reliable loading of materials on aricraft and other vehicles
US20060090079A1 (en) 2004-10-21 2006-04-27 Honeywell International, Inc. Voice authenticated alarm exit and entry interface system
US20060104484A1 (en) 2004-11-16 2006-05-18 Bolle Rudolf M Fingerprint biometric machine representations based on triangles
US20060158751A1 (en) 2002-12-06 2006-07-20 Cross Match Technologies, Inc. Non-planar prism
US20060200683A1 (en) 2005-03-07 2006-09-07 The Boeing Company Biometric platform radio identification anti-theft system
US20060206723A1 (en) 2004-12-07 2006-09-14 Gil Youn H Method and system for integrated authentication using biometrics
US7120607B2 (en) 2000-06-16 2006-10-10 Lenovo (Singapore) Pte. Ltd. Business system and method using a distorted biometrics
US20060267773A1 (en) 2005-05-24 2006-11-30 V.H. Blackinton & Co., Inc. Badge verification device
US20060289648A1 (en) * 2005-06-20 2006-12-28 Microsoft Corporation Rich object model for diverse Auto-ID tags
US20070040654A1 (en) 2005-08-19 2007-02-22 Electronics And Telecommunications Research Institute Electronic tag including privacy level information and privacy protection apparatus and method using RFID tag
US20070040693A1 (en) 2005-01-10 2007-02-22 Ildiko Medve Method and system for locating a dependent
US20070044139A1 (en) 2003-05-21 2007-02-22 Tuyls Pim T Method and system for authentication of a physical object
US20070119924A1 (en) 2001-12-31 2007-05-31 Digital Data Research Company Security Clearance Card, System And Method Of Reading A Security Clearance Card
US20070136581A1 (en) 2005-02-15 2007-06-14 Sig-Tec Secure authentication facility
US20070164863A1 (en) * 2006-01-17 2007-07-19 International Business Machines Corporation System and method to track inventory using RFID tags
US20070226512A1 (en) 2004-06-09 2007-09-27 Koninklijke Philips Electronics, N.V. Architectures for Privacy Protection of Biometric Templates
US20070243932A1 (en) 2004-05-13 2007-10-18 Rothschild Wayne H Wagering Game System Secure Identification Module
US7298243B2 (en) 2003-11-12 2007-11-20 Rsa Security Inc. Radio frequency identification system with privacy policy implementation based on device classification
US7310734B2 (en) 2001-02-01 2007-12-18 3M Innovative Properties Company Method and system for securing a computer network and personal identification device used therein for controlling access to network components
US20080024271A1 (en) 2006-07-18 2008-01-31 L-1 Identity Solutions Operating Company Methods and apparatus for self check-in of items for transportation
US20080037833A1 (en) 2006-03-29 2008-02-14 Kenta Takahashi Method, System and Program for Authenticating a User by Biometric Information
US20080072284A1 (en) 2006-08-29 2008-03-20 Microsoft Corporation Zone Policy Administration For Entity Tracking And Privacy Assurance
US20080130882A1 (en) 2006-12-05 2008-06-05 International Business Machines Corporation Secure printing via rfid tags
US20080157927A1 (en) * 2004-12-31 2008-07-03 British Telecommunications Public Limited Company Control of Data Exchange
US20080162943A1 (en) 2006-12-28 2008-07-03 Ali Valiuddin Y Biometric security system and method
US20080169909A1 (en) * 2005-03-30 2008-07-17 Samsung Electronics Co., Ltd. Rf-Id Tag Reading System For Using Password and Method Thereof
US20090022374A1 (en) 2004-10-15 2009-01-22 Terrance Edward Boult Revocable biometrics with robust distance metrics
US20090027207A1 (en) 2007-07-27 2009-01-29 Jerry Shelton Method and system for securing movement of an object
US20090271635A1 (en) 2006-08-18 2009-10-29 Huawei Technologies Co., Ltd. Methods and systems for authentication
US7627895B2 (en) 2004-03-31 2009-12-01 British Telecommunications Plc Trust tokens
US7671746B2 (en) 2002-07-09 2010-03-02 Neology, Inc. System and method for providing secure identification solutions
US20100201498A1 (en) 2009-02-12 2010-08-12 International Business Machines Corporation System, method and program product for associating a biometric reference template with a radio frequency identification tag
US20100205452A1 (en) 2009-02-12 2010-08-12 International Business Machines Corporation System, method and program product for communicating a privacy policy associated with a biometric reference template
US20100205658A1 (en) 2009-02-12 2010-08-12 International Business Machines Corporation System, method and program product for generating a cancelable biometric reference template on demand
US20100205660A1 (en) 2009-02-12 2010-08-12 International Business Machines Corporation System, method and program product for recording creation of a cancelable biometric reference template in a biometric event journal record
US20100205431A1 (en) 2009-02-12 2010-08-12 International Business Machines Corporation System, method and program product for checking revocation status of a biometric reference template
US7788500B2 (en) 2004-10-08 2010-08-31 Fujitsu Limited Biometric authentication device and terminal
US20100332838A1 (en) 2007-06-07 2010-12-30 Neology, Inc. Systems and methods for authenticating and providing anti-counterfeiting features for important documents
US8001387B2 (en) 2006-04-19 2011-08-16 Dphi, Inc. Removable storage medium with biometric access

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7506374B2 (en) * 2001-10-31 2009-03-17 Computer Associates Think, Inc. Memory scanning system and method

Patent Citations (70)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5467081A (en) * 1992-02-22 1995-11-14 U.S. Philips Corporation Datacarriers with separate storage of read and write-inhibited memory locations
US5649099A (en) 1993-06-04 1997-07-15 Xerox Corporation Method for delegating access rights through executable access control program without delegating access rights not in a specification to any intermediary nor comprising server security
US6044224A (en) 1996-06-26 2000-03-28 Sun Microsystems, Inc. Mechanism for dynamically associating a service dependent representation with objects at run time
US20020100803A1 (en) * 1997-06-24 2002-08-01 Sehr Richard P. Passport system and methods utilizing multi-application passport cards
US6256737B1 (en) 1999-03-09 2001-07-03 Bionetrix Systems Corporation System, method and computer program product for allowing access to enterprise resources using biometric devices
US6554188B1 (en) * 1999-04-13 2003-04-29 Electronic Data Holdings Limited Terminal for an active labelling system
WO2000065770A1 (en) 1999-04-22 2000-11-02 Veridicom, Inc. High security biometric authentication using a public key/private key encryption pairs
US20020174010A1 (en) * 1999-09-08 2002-11-21 Rice James L. System and method of permissive data flow and application transfer
US7120607B2 (en) 2000-06-16 2006-10-10 Lenovo (Singapore) Pte. Ltd. Business system and method using a distorted biometrics
US6836554B1 (en) 2000-06-16 2004-12-28 International Business Machines Corporation System and method for distorting a biometric for transactions with enhanced security and privacy
US20020026582A1 (en) 2000-08-31 2002-02-28 Sony Corporation Person authentication system, person authentication method and program providing medium
US7310734B2 (en) 2001-02-01 2007-12-18 3M Innovative Properties Company Method and system for securing a computer network and personal identification device used therein for controlling access to network components
US20030097383A1 (en) 2001-04-05 2003-05-22 Alexis Smirnov Enterprise privacy system
US20040193893A1 (en) 2001-05-18 2004-09-30 Michael Braithwaite Application-specific biometric templates
US20050038718A1 (en) 2001-07-10 2005-02-17 American Express Travel Related Services Company, Inc. Method and system for facilitating a shopping experience
US20030115490A1 (en) 2001-07-12 2003-06-19 Russo Anthony P. Secure network and networked devices using biometrics
US7030760B1 (en) 2001-08-07 2006-04-18 Seecontrol, Inc. Method and apparatus for ensuring reliable loading of materials on aricraft and other vehicles
US20030129965A1 (en) 2001-10-31 2003-07-10 Siegel William G. Configuration management system and method used to configure a biometric authentication-enabled device
US20030088782A1 (en) 2001-11-08 2003-05-08 Ncr Corporation Biometrics template
US7302583B2 (en) 2001-11-08 2007-11-27 Ncr Corporation Biometrics template
US20070119924A1 (en) 2001-12-31 2007-05-31 Digital Data Research Company Security Clearance Card, System And Method Of Reading A Security Clearance Card
US20040123114A1 (en) 2002-01-02 2004-06-24 Mcgowan Tim Method and system for the generation, management, and use of a unique personal identification token for in person and electronic identification and authentication
US20050180619A1 (en) 2002-01-17 2005-08-18 Cross Match Technologies, Inc. Biometric imaging system and method
US20030189094A1 (en) 2002-04-09 2003-10-09 Trabitz Eugene L. Baggage tracking system
US7671746B2 (en) 2002-07-09 2010-03-02 Neology, Inc. System and method for providing secure identification solutions
US20040020984A1 (en) 2002-08-01 2004-02-05 Ncr Corporation Self-service terminal
US20060158751A1 (en) 2002-12-06 2006-07-20 Cross Match Technologies, Inc. Non-planar prism
US20050005136A1 (en) 2003-04-23 2005-01-06 Liqun Chen Security method and apparatus using biometric data
US20070044139A1 (en) 2003-05-21 2007-02-22 Tuyls Pim T Method and system for authentication of a physical object
US20050055582A1 (en) 2003-09-05 2005-03-10 Bazakos Michael E. System and method for dynamic stand-off biometric verification
US20050088320A1 (en) 2003-10-08 2005-04-28 Aram Kovach System for registering and tracking vehicles
US7298243B2 (en) 2003-11-12 2007-11-20 Rsa Security Inc. Radio frequency identification system with privacy policy implementation based on device classification
US7627895B2 (en) 2004-03-31 2009-12-01 British Telecommunications Plc Trust tokens
US20050229007A1 (en) 2004-04-06 2005-10-13 Bolle Rudolf M System and method for remote self-enrollment in biometric databases
US20050240778A1 (en) 2004-04-26 2005-10-27 E-Smart Technologies, Inc., A Nevada Corporation Smart card for passport, electronic passport, and method, system, and apparatus for authenticating person holding smart card or electronic passport
US20070243932A1 (en) 2004-05-13 2007-10-18 Rothschild Wayne H Wagering Game System Secure Identification Module
WO2005122467A1 (en) 2004-06-09 2005-12-22 Koninklijke Philips Electronics N.V. Biometric template protection and feature handling
US20070180261A1 (en) 2004-06-09 2007-08-02 Koninklijke Philips Electronics, N.V. Biometric template protection and feature handling
US20070226512A1 (en) 2004-06-09 2007-09-27 Koninklijke Philips Electronics, N.V. Architectures for Privacy Protection of Biometric Templates
US20050283614A1 (en) * 2004-06-16 2005-12-22 Hardt Dick C Distributed hierarchical identity management system authentication mechanisms
US20060078171A1 (en) 2004-08-20 2006-04-13 The Research Foundation Of State University Of New York Stor Intellectual Property Division Biometric convolution using multiple biometrics
US7788500B2 (en) 2004-10-08 2010-08-31 Fujitsu Limited Biometric authentication device and terminal
US20090022374A1 (en) 2004-10-15 2009-01-22 Terrance Edward Boult Revocable biometrics with robust distance metrics
US20060090079A1 (en) 2004-10-21 2006-04-27 Honeywell International, Inc. Voice authenticated alarm exit and entry interface system
US20060104484A1 (en) 2004-11-16 2006-05-18 Bolle Rudolf M Fingerprint biometric machine representations based on triangles
US20060206723A1 (en) 2004-12-07 2006-09-14 Gil Youn H Method and system for integrated authentication using biometrics
US20080157927A1 (en) * 2004-12-31 2008-07-03 British Telecommunications Public Limited Company Control of Data Exchange
US20070040693A1 (en) 2005-01-10 2007-02-22 Ildiko Medve Method and system for locating a dependent
US20070136581A1 (en) 2005-02-15 2007-06-14 Sig-Tec Secure authentication facility
US20060200683A1 (en) 2005-03-07 2006-09-07 The Boeing Company Biometric platform radio identification anti-theft system
US20080169909A1 (en) * 2005-03-30 2008-07-17 Samsung Electronics Co., Ltd. Rf-Id Tag Reading System For Using Password and Method Thereof
US20060267773A1 (en) 2005-05-24 2006-11-30 V.H. Blackinton & Co., Inc. Badge verification device
US20060289648A1 (en) * 2005-06-20 2006-12-28 Microsoft Corporation Rich object model for diverse Auto-ID tags
US20070040654A1 (en) 2005-08-19 2007-02-22 Electronics And Telecommunications Research Institute Electronic tag including privacy level information and privacy protection apparatus and method using RFID tag
US20070164863A1 (en) * 2006-01-17 2007-07-19 International Business Machines Corporation System and method to track inventory using RFID tags
US7936905B2 (en) 2006-03-29 2011-05-03 Hitachi, Ltd. Method, system and program for authenticating a user by biometric information
US20080037833A1 (en) 2006-03-29 2008-02-14 Kenta Takahashi Method, System and Program for Authenticating a User by Biometric Information
US8001387B2 (en) 2006-04-19 2011-08-16 Dphi, Inc. Removable storage medium with biometric access
US20080024271A1 (en) 2006-07-18 2008-01-31 L-1 Identity Solutions Operating Company Methods and apparatus for self check-in of items for transportation
US20090271635A1 (en) 2006-08-18 2009-10-29 Huawei Technologies Co., Ltd. Methods and systems for authentication
US20080072284A1 (en) 2006-08-29 2008-03-20 Microsoft Corporation Zone Policy Administration For Entity Tracking And Privacy Assurance
US20080130882A1 (en) 2006-12-05 2008-06-05 International Business Machines Corporation Secure printing via rfid tags
US20080162943A1 (en) 2006-12-28 2008-07-03 Ali Valiuddin Y Biometric security system and method
US20100332838A1 (en) 2007-06-07 2010-12-30 Neology, Inc. Systems and methods for authenticating and providing anti-counterfeiting features for important documents
US20090027207A1 (en) 2007-07-27 2009-01-29 Jerry Shelton Method and system for securing movement of an object
US20100205660A1 (en) 2009-02-12 2010-08-12 International Business Machines Corporation System, method and program product for recording creation of a cancelable biometric reference template in a biometric event journal record
US20100205431A1 (en) 2009-02-12 2010-08-12 International Business Machines Corporation System, method and program product for checking revocation status of a biometric reference template
US20100201498A1 (en) 2009-02-12 2010-08-12 International Business Machines Corporation System, method and program product for associating a biometric reference template with a radio frequency identification tag
US20100205452A1 (en) 2009-02-12 2010-08-12 International Business Machines Corporation System, method and program product for communicating a privacy policy associated with a biometric reference template
US20100205658A1 (en) 2009-02-12 2010-08-12 International Business Machines Corporation System, method and program product for generating a cancelable biometric reference template on demand

Non-Patent Citations (33)

* Cited by examiner, † Cited by third party
Title
Advisory Action (Mail Date May 14, 2012) for U.S. Appl. No. 12/370,345, filed Feb. 12, 2009; Confirmation No. 5537.
Amendment and Request for Continued Examination filed Jan. 11, 2012 in response to Final Office Action (Mail Date Oct. 12, 2011) for U.S. Appl. No. 12/370,334, filed Feb. 12, 2009; GAU 2434; Confirmation No. 5517.
Amendment filed Dec. 22, 2011 in response to Office Action (Mail Date Sep. 27, 2011) for U.S. Appl. No. 12/370,379, filed Feb. 12, 2009; GAU 2434; Confirmation 5597.
Amendment filed Feb. 9, 2012 in response to Office Action (Mail Date Nov. 9, 2011) for U.S. Appl. No. 12/370,359, filed Feb. 12, 2009; GAU 2434; Confirmation No. 5560.
Amendment filed Jan. 30, 2012 in response to Office Action (Mail Date Nov. 1, 2011) for U.S. Appl. No. 12/370,345, filed Feb. 12, 2009; GAU 2612; Confirmation No. 4437.
Amendment filed Jun. 4, 2012 in response to Office Action (Mail Date Mar. 6, 2012) for U.S. Appl. No. 12/370,334, filed Feb. 12, 2009; Confirmation No. 5517.
Amendment filed May 24, 2012 in response to Advisory Action (Mail Date May 14, 2012) for U.S. Appl. No. 12/370,345, filed Feb. 12, 2009; Confirmation No. 5537.
Amendment filed May 8, 2012 in response to Final Office Action (Mail Date Mar. 9, 2012) for U.S. Appl. No. 12/370,345, filed Feb. 12, 2009; Confirmation No. 5537.
Amendment filed Sep. 22, 2011 in response to Office Action (Mail Date Jul. 13, 2011) for U.S. Appl. No. 12/370,334, filed Feb. 12, 2009; GAU 2434; Confirmation No. 5517.
Berners-Lee, T. et al., Uniform Resource Identifiers (URI): Generic Syntax, RFC 2396, http://ietfreport.isoc.org/rfc/rfc2396.txt, Aug. 1998, pp. 1-40.
Final Office Action (Mail Date Mar. 9, 2012) for U.S. Appl. No. 12/370,345, filed Feb. 12, 2009; Confirmation No. 5537.
Final Office Action (Mail Date May 14, 2012) for U.S. Appl. No. 12/370,379, filed Feb. 12, 2009; Confirmation No. 5597.
Final Office Action (Mail Date Oct. 12, 2011) for U.S. Appl. No. 12/370,334, filed Feb. 12, 2009; GAU 2434; Confirmation No. 5517.
Griffin, P., ISO 19092: A Standard for Biometric Security Management, ISSA Journal, Jan. 2007, pp. 20-23.
Griffin, P., U.S. Appl. No. 12/370,334, System, Method and Program Product for Checking Revocation Status of a Biometric Reference Template, filed Feb. 12, 2009.
Griffin, P., U.S. Appl. No. 12/370,345, System, Method and Program Product for Associating a Biometric Reference Template With a Radio Frequency Identification Tag, filed Feb. 12, 2009.
Griffin, P., U.S. Appl. No. 12/370,350, System, Method and Program Product for Recording Creation of a Cancelable Biometric Reference Template in a Biometric Event Journal Record, filed Feb. 12, 2009.
Griffin, P., U.S. Appl. No. 12/370,359, System, Method and Program Product for Communicating a Privacy Policyassociated with a Biometric Reference Template, filed Feb. 12, 2009.
Griffin, P., U.S. Appl. No. 12/370,379, System, Method and Program Product for Generating a Cancelable Biometric Reference Template, filed Feb. 12, 2009.
ITU-T Telecommunication Standardization Sector of ITU, X.667, Series X: Data Networks and Open System Communications-OSI networking and system aspects-Abstract Syntax Notation One (ASN.1), ISO/IEC 8824-1:2003 (E), 146 pages, Geneva, Switzerland 2005.
ITU-T Telecommunication Standardization Sector of ITU, X.667, Series X: Data Networks and Open System Communications—OSI networking and system aspects—Abstract Syntax Notation One (ASN.1), ISO/IEC 8824-1:2003 (E), 146 pages, Geneva, Switzerland 2005.
ITU-T Telecommunication Standardization Sector of ITU, X.667, Series X: Data Networks and Open System Communications-OSI networking and system aspects-Naming, Addressing and Registration, ISO/IEC 9834-9838: 2005 (E), 34 pages, Geneva, Switzerland 2005.
ITU-T Telecommunication Standardization Sector of ITU, X.667, Series X: Data Networks and Open System Communications—OSI networking and system aspects—Naming, Addressing and Registration, ISO/IEC 9834-9838: 2005 (E), 34 pages, Geneva, Switzerland 2005.
Juels, A., et al., Soft Blocking: Flexible Blocker Tags on the Cheap, WPES' 04, Oct. 28, 2004, Washington, DC, USA, pp. 1-7.
Molnar, D., et al., Privacy for RFID Through Trusted Computing, WPES' 05, Nov. 7, 2005, Alexandria, Virginia, USA, pp. 31-34.
Notice of Allowance (Mail Date May 30, 2012) for U.S. Appl. No. 12/370,345, filed Feb. 12, 2009; Confirmation No. 5537.
Office Action (Mail Date Jul. 13, 2011) for U.S. Appl. No. 12/370,334, filed Feb. 12, 2009; GAU 2434; Confirmation No. 5517.
Office Action (Mail Date Mar. 13, 2012) for U.S. Appl. No. 12/370,350, filed Feb. 12, 2009; Confirmation No. 5548.
Office Action (Mail Date Mar. 6, 2012) for U.S. Appl. No. 12/370,334, filed Feb. 12, 2009; Confirmation No. 5517.
Office Action (Mail Date Nov. 1, 2011) for U.S. Appl. No. 12/370,345, filed Feb. 12, 2009; GAU 2612; Confirmation No. 4437.
Office Action (Mail Date Nov. 9, 2011) for U.S. Appl. No. 12/370,359, filed Feb. 12, 2009; GAU 2434; Confirmation No. 5560.
Office Action (Mail Date Sep. 27, 2011) for U.S. Appl. No. 12/370,379, filed Feb. 12, 2009; GAU 2434; Confirmation No. 5597.
Ratha, et al.; Generating Cancelable Fingerprint Templates; IEEE Transactions on Pattern Analysis and Machine Intelligence; vol. 29, No. 4; Apr. 2007; pp. 561-572.

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100201498A1 (en) * 2009-02-12 2010-08-12 International Business Machines Corporation System, method and program product for associating a biometric reference template with a radio frequency identification tag
US20100205431A1 (en) * 2009-02-12 2010-08-12 International Business Machines Corporation System, method and program product for checking revocation status of a biometric reference template
US20100205660A1 (en) * 2009-02-12 2010-08-12 International Business Machines Corporation System, method and program product for recording creation of a cancelable biometric reference template in a biometric event journal record
US20100205452A1 (en) * 2009-02-12 2010-08-12 International Business Machines Corporation System, method and program product for communicating a privacy policy associated with a biometric reference template
US20100205658A1 (en) * 2009-02-12 2010-08-12 International Business Machines Corporation System, method and program product for generating a cancelable biometric reference template on demand
US8756416B2 (en) 2009-02-12 2014-06-17 International Business Machines Corporation Checking revocation status of a biometric reference template
US8289135B2 (en) 2009-02-12 2012-10-16 International Business Machines Corporation System, method and program product for associating a biometric reference template with a radio frequency identification tag
US8301902B2 (en) 2009-02-12 2012-10-30 International Business Machines Corporation System, method and program product for communicating a privacy policy associated with a biometric reference template
US8327134B2 (en) 2009-02-12 2012-12-04 International Business Machines Corporation System, method and program product for checking revocation status of a biometric reference template
US8359475B2 (en) 2009-02-12 2013-01-22 International Business Machines Corporation System, method and program product for generating a cancelable biometric reference template on demand
US8508339B2 (en) 2009-02-12 2013-08-13 International Business Machines Corporation Associating a biometric reference template with an identification tag
US9298902B2 (en) 2009-02-12 2016-03-29 International Business Machines Corporation System, method and program product for recording creation of a cancelable biometric reference template in a biometric event journal record
US8745370B2 (en) * 2010-06-28 2014-06-03 Sap Ag Secure sharing of data along supply chains
US20110320805A1 (en) * 2010-06-28 2011-12-29 Sap Ag Secure sharing of data along supply chains
US20130173713A1 (en) * 2012-01-02 2013-07-04 Eric David Rich Anderson Securing communications among friends with user-wearable mementos

Also Published As

Publication number Publication date Type
US20100201489A1 (en) 2010-08-12 application

Similar Documents

Publication Publication Date Title
US6938157B2 (en) Distributed information system and protocol for affixing electronic signatures and authenticating documents
US8112794B2 (en) Management of multiple connections to a security token access device
US6918042B1 (en) Secure configuration of a digital certificate for a printer or other network device
US20050138365A1 (en) Mobile device and method for providing certificate based cryptography
US20060048228A1 (en) Communication system and security assurance device
US20030212888A1 (en) System and method of looking up and validating a digital certificate in one pass
US20040078573A1 (en) Remote access system, remote access method, and remote access program
US20070271618A1 (en) Securing access to a service data object
US20070136599A1 (en) Information processing apparatus and control method thereof
US20060206433A1 (en) Secure and authenticated delivery of data from an automated meter reading system
US20060181397A1 (en) Method and apparatus for associating randomized identifiers with tagged assets
US20030208681A1 (en) Enforcing file authorization access
US20070250904A1 (en) Privacy protection system
US20100001840A1 (en) Method and system for authenticating rfid tag
US20060032901A1 (en) Information providing method, information providing system and relay equipment
US20060072745A1 (en) Encryption system using device authentication keys
US20150113592A1 (en) Method of establishing a trusted identity for an agent device
US20020004767A1 (en) Identification code management method and management system
US20090028337A1 (en) Method and Apparatus for Providing Security in a Radio Frequency Identification System
US20120207305A1 (en) Secure smart poster
US20120290850A1 (en) Data management
US20080157927A1 (en) Control of Data Exchange
US20040236953A1 (en) Method and device for transmitting an electronic message
CN1536807A (en) Document safety transfer system and method
US20100205431A1 (en) System, method and program product for checking revocation status of a biometric reference template

Legal Events

Date Code Title Description
AS Assignment

Owner name: INTERNATIONAL BUSINESS MACHINES CORPORATION, NEW Y

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:GRIFFIN, PHILLIP H.;REEL/FRAME:022252/0462

Effective date: 20090212

FPAY Fee payment

Year of fee payment: 4